<!DOCTYPE html>
<html lang="en">
  <head>
    <link rel="stylesheet" type="text/css" href="/css/style.css?v=18" />
    <link rel="stylesheet" type="text/css" href="/css/fontello.css?v=2" />
    <link rel="stylesheet" type="text/css" href="/css/themes/nitter.css" />
    <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
    <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
    <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
    <link rel="manifest" href="/site.webmanifest" />
    <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#ff6c60" />
    <link rel="search" type="application/opensearchdescription+xml" title="nitter" href="https://nitter.net/opensearch" />
    <link rel="canonical" href="https://twitter.com/David3141593/status/1575978540868435968" />
    <title>David Buchanan (@David3141593): &quot;linux-syscall-support is a very useful single-header C library that I don&#x27;t see mentioned often: https:&#x2F;&#x2F;chromium.googlesource.com&#x2F;linux-syscall-support&#x2F;

You can use it to make direct syscalls without a libc - useful for writing compact exploits or shellcode, without resorting to hand-written assembly.&quot;|nitter</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta name="theme-color" content="#1F1F1F" />
    <meta property="og:type" content="article" />
    <meta property="og:title" content="David Buchanan (@David3141593)" />
    <meta property="og:description" content="linux-syscall-support is a very useful single-header C library that I don't see mentioned often: https://chromium.googlesource.com/linux-syscall-support/

You can use it to make direct syscalls without a libc - useful for writing compact exploits or shellcode, without resorting to hand-written assembly." />
    <meta property="og:site_name" content="Nitter" />
    <meta property="og:locale" content="en_US" />
    <link rel="preload" type="font/woff2" as="font" href="/fonts/fontello.woff2?21002321" crossorigin="anonymous" />
  </head>
  <body>
    <nav><div class="inner-nav">
        <div class="nav-item"><a class="site-name" href="/">nitter</a></div>
        <a href="/"><img class="site-logo" src="/logo.png" alt="Logo" /></a>
        <div class="nav-item right">
          <div class="icon-container"><a class="icon-search" title="Search" href="/search"></a></div>
          <div class="icon-container"><a class="icon-bird" title="Open in Twitter" href="https://twitter.com/David3141593/status/1575978540868435968"></a></div>
          <a href="https://liberapay.com/zedeus"><svg class="lp" viewBox="0 0 40.6 52.3">
  <g transform="matrix(0.83,0,0,0.83,-158,-261)">
    <path d="m202.5,366c-3.1 0-5.5-0.4-7.3-1.2-1.8-0.8-3-1.9-3.8-3.3-0.8-1.4-1.1-3-1.1-4.8 0-1.8 0.3-3.7 0.8-5.8l8.3-34.8 10.2-1.6-9.1 37.8c-0.2 0.8-0.3 1.5-0.3 2.2 0 0.7 0.1 1.2 0.4 1.7 0.3 0.5 0.7 0.9 1.3 1.2 0.6 0.3 1.5 0.5 2.7 0.6l-2 8.1"/>
    <path d="m239.2 344.3c0 3.2-0.5 6.1-1.6 8.8-1 2.6-2.5 4.9-4.4 6.9-1.9 1.9-4.1 3.4-6.7 4.5-2.6 1.1-5.4 1.6-8.5 1.6-1.5 0-3-0.1-4.5-0.4l-3 11.9h-9.7l10.9-45.4c1.7-0.5 3.7-1 6-1.4 2.3-0.4 4.7-0.6 7.3-0.6 2.4 0 4.6 0.4 6.3 1.1 1.8 0.7 3.2 1.8 4.4 3 1.1 1.3 2 2.8 2.5 4.5 0.5 1.7 0.8 3.6 0.8 5.5m-23.8 13.4c0.7 0.2 1.7 0.3 2.8 0.3 1.7 0 3.3-0.3 4.7-1 1.4-0.6 2.6-1.5 3.6-2.7 1-1.1 1.7-2.5 2.3-4.1 0.5-1.6 0.8-3.4 0.8-5.3 0-1.9-0.4-3.5-1.2-4.8-0.8-1.3-2.3-2-4.3-2-1.4 0-2.7 0.1-3.9 0.4l-4.6 19.1"/>
  </g>
</svg>
</a>
          <div class="icon-container"><a class="icon-info" title="About" href="/about"></a></div>
          <div class="icon-container"><a class="icon-cog" title="Preferences" href="/settings?referer=%2FDavid3141593%2Fstatus%2F1575978540868435968%23m"></a></div>
        </div>
      </div></nav>
    <div class="container"><div class="conversation">
        <div class="main-thread">
          <div id="m" class="main-tweet"><div class="timeline-item thread thread-line"><div class="tweet-body">
                <div><div class="tweet-header">
                    <a class="tweet-avatar" href="/David3141593"><img class="avatar round" src="/pic/profile_images%2F824035276620238848%2FbdPI4Q1t_bigger.jpg" alt="" /></a>
                    <div class="tweet-name-row">
                      <div class="fullname-and-username">
                        <a class="fullname" href="/David3141593" title="David Buchanan">David Buchanan</a>
                        <a class="username" href="/David3141593" title="@David3141593">@David3141593</a>
                      </div>
                      <span class="tweet-date"><a href="/David3141593/status/1575978540868435968#m" title="Sep 30, 2022 · 10:38 PM UTC">Sep 30</a></span>
                    </div>
                  </div></div>
                <div class="tweet-content media-body" dir="auto">linux-syscall-support is a very useful single-header C library that I don't see mentioned often: <a href="https://chromium.googlesource.com/linux-syscall-support/">chromium.googlesource.com/li…</a>

You can use it to make direct syscalls without a libc - useful for writing compact exploits or shellcode, without resorting to hand-written assembly.</div>
                <p class="tweet-published">Sep 30, 2022 · 10:38 PM UTC · Twitter Web App</p>
                <div class="tweet-stats">
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-comment" title=""></span> 4</div></span>
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-retweet" title=""></span> 37</div></span>
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-quote" title=""></span> 3</div></span>
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-heart" title=""></span> 205</div></span>
                </div>
              </div></div></div>
          <div class="after-tweet thread-line">
            <div class="timeline-item ">
              <a class="tweet-link" href="/David3141593/status/1575978542948847616#m"></a>
              <div class="tweet-body">
                <div><div class="tweet-header">
                    <a class="tweet-avatar" href="/David3141593"><img class="avatar round" src="/pic/profile_images%2F824035276620238848%2FbdPI4Q1t_bigger.jpg" alt="" /></a>
                    <div class="tweet-name-row">
                      <div class="fullname-and-username">
                        <a class="fullname" href="/David3141593" title="David Buchanan">David Buchanan</a>
                        <a class="username" href="/David3141593" title="@David3141593">@David3141593</a>
                      </div>
                      <span class="tweet-date"><a href="/David3141593/status/1575978542948847616#m" title="Sep 30, 2022 · 10:38 PM UTC">Sep 30</a></span>
                    </div>
                  </div></div>
                <div class="tweet-content media-body" dir="auto">It's particularly useful in combination with <a href="/gamozolabs" title="Brandon Falk">@gamozolabs</a>'s elfloader, which you can use to convert an ELF into a flat buffer suitable for running directly as shellcode <a href="https://github.com/gamozolabs/elfloader">github.com/gamozolabs/elfloa…</a></div>
                <div class="card large"><a class="card-container" href="https://github.com/gamozolabs/elfloader">
                    <div class="card-image-container"><div class="card-image"><img src="/pic/card_img%2F1579905117788438529%2Ftv1W1Ybj%3Fformat%3Djpg%26name%3D600x600" alt="" /></div></div>
                    <div class="card-content-container"><div class="card-content">
                        <h2 class="card-title">GitHub - gamozolabs&#x2F;elfloader: An architecture-agnostic ELF file flattener for shellcode</h2>
                        <p class="card-description">An architecture-agnostic ELF file flattener for shellcode - GitHub - gamozolabs&#x2F;elfloader: An architecture-agnostic ELF file flattener for shellcode</p>
                        <span class="card-destination">github.com</span>
                      </div></div>
                  </a></div>
                <div class="tweet-stats">
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-comment" title=""></span> 3</div></span>
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-retweet" title=""></span> 1</div></span>
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-quote" title=""></span></div></span>
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-heart" title=""></span> 25</div></span>
                </div>
              </div>
            </div>
            <div class="timeline-item thread-last ">
              <a class="tweet-link" href="/David3141593/status/1575978545008218112#m"></a>
              <div class="tweet-body">
                <div><div class="tweet-header">
                    <a class="tweet-avatar" href="/David3141593"><img class="avatar round" src="/pic/profile_images%2F824035276620238848%2FbdPI4Q1t_bigger.jpg" alt="" /></a>
                    <div class="tweet-name-row">
                      <div class="fullname-and-username">
                        <a class="fullname" href="/David3141593" title="David Buchanan">David Buchanan</a>
                        <a class="username" href="/David3141593" title="@David3141593">@David3141593</a>
                      </div>
                      <span class="tweet-date"><a href="/David3141593/status/1575978545008218112#m" title="Sep 30, 2022 · 10:39 PM UTC">Sep 30</a></span>
                    </div>
                  </div></div>
                <div class="tweet-content media-body" dir="auto">The end-result is longer than hand-written shellcode, but you get cross-architecture support for free - all you have to do is recompile.

I used this technique for generating demo payloads for Monomorph: <a href="https://github.com/DavidBuchanan314/monomorph/tree/main/sample_payloads">github.com/DavidBuchanan314/…</a></div>
                <div class="tweet-stats">
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-comment" title=""></span> 2</div></span>
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-retweet" title=""></span> 1</div></span>
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-quote" title=""></span></div></span>
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-heart" title=""></span> 19</div></span>
                </div>
              </div>
            </div>
          </div>
        </div>
        <div id="r" class="replies">
          <div class="reply thread thread-line"><div class="timeline-item thread-last ">
              <a class="tweet-link" href="/haerwu/status/1576469992903962625#m"></a>
              <div class="tweet-body">
                <div><div class="tweet-header">
                    <a class="tweet-avatar" href="/haerwu"><img class="avatar round" src="/pic/profile_images%2F1569188341454626823%2FxaA1kQIY_bigger.jpg" alt="" /></a>
                    <div class="tweet-name-row">
                      <div class="fullname-and-username">
                        <a class="fullname" href="/haerwu" title="Marcin Juszkiewicz">Marcin Juszkiewicz</a>
                        <a class="username" href="/haerwu" title="@haerwu">@haerwu</a>
                      </div>
                      <span class="tweet-date"><a href="/haerwu/status/1576469992903962625#m" title="Oct 2, 2022 · 7:11 AM UTC">Oct 2</a></span>
                    </div>
                  </div></div>
                <div class="replying-to">Replying to <a href="/David3141593">@David3141593</a> <a href="/kernellogger">@kernellogger</a></div>
                <div class="tweet-content media-body" dir="auto">And if you want to check which syscalls are available on which architecture or need their numbers or have a number and need a name then my system calls table can be handy.

There is also Python package for it with a few tools.

<a href="https://marcin.juszkiewicz.com.pl/download/tables/syscalls.html">marcin.juszkiewicz.com.pl/do…</a></div>
                <div class="card"><a class="card-container" href="https://marcin.juszkiewicz.com.pl/download/tables/syscalls.html">
                    <div class="card-image-container"><div class="card-image"><img src="/pic/card_img%2F1580521981870592008%2FBWV9Hdx9%3Fformat%3Djpg%26name%3D420x420_2" alt="" /></div></div>
                    <div class="card-content-container"><div class="card-content">
                        <h2 class="card-title">Marcin Juszkiewicz</h2>
                        <p class="card-description">Linux kernel system calls table</p>
                        <span class="card-destination">marcin.juszkiewicz.com.pl</span>
                      </div></div>
                  </a></div>
                <div class="tweet-stats">
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-comment" title=""></span></div></span>
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-retweet" title=""></span></div></span>
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-quote" title=""></span></div></span>
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-heart" title=""></span> 6</div></span>
                </div>
              </div>
            </div></div>
          <div class="reply thread thread-line"><div class="timeline-item thread-last ">
              <a class="tweet-link" href="/FrenchYeti/status/1576822357187969025#m"></a>
              <div class="tweet-body">
                <div><div class="tweet-header">
                    <a class="tweet-avatar" href="/FrenchYeti"><img class="avatar round" src="/pic/profile_images%2F806134166127513601%2FWTlpFxe2_bigger.jpg" alt="" /></a>
                    <div class="tweet-name-row">
                      <div class="fullname-and-username">
                        <a class="fullname" href="/FrenchYeti" title="FrenchYeti">FrenchYeti</a>
                        <a class="username" href="/FrenchYeti" title="@FrenchYeti">@FrenchYeti</a>
                      </div>
                      <span class="tweet-date"><a href="/FrenchYeti/status/1576822357187969025#m" title="Oct 3, 2022 · 6:32 AM UTC">Oct 3</a></span>
                    </div>
                  </div></div>
                <div class="replying-to">Replying to <a href="/David3141593">@David3141593</a></div>
                <div class="tweet-content media-body" dir="auto">And if you want to hook and tamper system calls when the instruction which triggers the interruption (surch as SVC for arm64) is called,  you can use Interruptor tools based on Frida : <a href="https://github.com/FrenchYeti/interruptor">github.com/FrenchYeti/interr…</a></div>
                <div class="card large"><a class="card-container" href="https://github.com/FrenchYeti/interruptor">
                    <div class="card-image-container"><div class="card-image"><img src="/pic/card_img%2F1581009978038648833%2F3OASWXsn%3Fformat%3Djpg%26name%3D600x600" alt="" /></div></div>
                    <div class="card-content-container"><div class="card-content">
                        <h2 class="card-title">GitHub - FrenchYeti&#x2F;interruptor: The home for Interruptor, a human-friendly interrupts hook library...</h2>
                        <p class="card-description">The home for Interruptor, a human-friendly interrupts hook library based on Frida&#x27;s Stalker - GitHub - FrenchYeti&#x2F;interruptor: The home for Interruptor, a human-friendly interrupts hook lib...</p>
                        <span class="card-destination">github.com</span>
                      </div></div>
                  </a></div>
                <div class="tweet-stats">
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-comment" title=""></span></div></span>
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-retweet" title=""></span></div></span>
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-quote" title=""></span></div></span>
                  <span class="tweet-stat"><div class="icon-container"><span class="icon-heart" title=""></span> 8</div></span>
                </div>
              </div>
            </div></div>
          <div class="show-more"><a href="?cursor=LBk2gMDUodGIgN8rgsDT4eTG3%2BArgoCqoYvl%2F%2BErJQYRAAA%3D#r">Load more</a></div>
        </div>
        <div class="top-ref"><div class="icon-container"><a class="icon-down" title="" href="#m"></a></div></div>
      </div></div>
  </body>
</html>